ferm initial checkin

author Martin Zobel-Helas <zobel@debian.org>

Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)

committer Martin Zobel-Helas <zobel@debian.org>

Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
author Martin Zobel-Helas <zobel@debian.org>
Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
committer Martin Zobel-Helas <zobel@debian.org>
Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
diff --git a/manifests/site.pp b/manifests/site.pp

index 64b54d2..4525e50 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -83,4 +83,7 @@ node default {
      case $hoster {
          "ubcece", "darmstadt", "ftcollins", "grnet":  { include resolv }
      }
+    case $hostname {
+       brahms: { include ferm }
+    }
  }
diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp

index 29bef07..5b61d16 100644 (file)
--- a/modules/munin-node/manifests/init.pp
+++ b/modules/munin-node/manifests/init.pp
@@ -75,5 +75,10 @@ class munin-node {
          path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
          refreshonly => true,
      }
+    ferm::rule { "dsa-munin":
+        description     => "Allow munin-node from spohr.debian.org",
+        rule            => "proto tcp dport 4949 saddr $HOST_MUNIN ACCEPT"
+       prio            => "02"
+   }
  }
  
diff --git a/modules/nagios/manifests/init.pp b/modules/nagios/manifests/init.pp

index 13c0dc9..f3e3cbc 100644 (file)
--- a/modules/nagios/manifests/init.pp
+++ b/modules/nagios/manifests/init.pp
@@ -2,4 +2,9 @@ class nagios {
         package {
                 nagios-nrpe-server: ensure => installed;
         }
+       ferm::rule { "dsa-nagios":
+               description     => "Allow nrpe from spohr.debian.org",
+               rule            => "proto tcp dport 5666 saddr $HOST_NAGIOS ACCEPT"
+               prio            => "03"
+       }
  }
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp

index 13a7e0b..b3e32e3 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -37,4 +37,11 @@ class ssh {
              path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
              refreshonly => true,
          }
+        ferm::rule { "dsa-ssh":
+               description     => "Allow SSH",
+               rule            => "proto tcp dport ssh ACCEPT",
+               domain          => "(ip ip6)",
+               prio            => "01"
+        }
+
  }
author	Martin Zobel-Helas <zobel@debian.org>
	Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
committer	Martin Zobel-Helas <zobel@debian.org>
	Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
manifests/site.pp		patch \| blob \| history
modules/munin-node/manifests/init.pp		patch \| blob \| history
modules/nagios/manifests/init.pp		patch \| blob \| history
modules/ssh/manifests/init.pp		patch \| blob \| history